Google Reveals Why Your Account Is Most Likely To Be Hacked

The threats online can be encapsulated to three MOs: keylogging, third-party breaches, and phishing.

Google said that hackers are searching and have found different usernames and passwords on different platforms on the black market. So, after learning the most common methods for hijacking, Google has some tips on how Gmail users can protect their accounts from outside threats.

But things could get worse, as the team pointed out that hijackers are taking steps to get more data making it easier to get access to user accounts.

The Gmail provider claimed that in a time period of just 12 months, there were a 7,88,000 login credentials stolen using keyloggers (tools that record what you type in), while another 12 million were stolen using phishing techniques.

While Google accounts were used as a case-study, the tactics employed by these cyber criminals could be used to gain access to other online accounts as well.

They analysed several black markets between March 2016 and March 2017 to see how hijackers steal passwords and other sensitive data. The success rate is higher when using phishing and keyloggers: 12 - 25 percent of passwords obtained using these attacks yielded valid passwords. In terms of risk to users, however, Google says that data breaches fall far behind phishing, where a hacker pretends to be a person or company and directly asks for user data, and keylogging, which is a more direct attack that records users when they are typing.

With majority of the sites requiring more than the password, it was also found out that 82% of blackhat phishing tools and 74% of keyloggers were used to collect user's IP address and location, while 18% of tools collected phone numbers and device make and model.

The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.

"We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state". If a friend or family member had their account hijacked, you could be receiving a dirty attachment.